Reports about the National Security Agency PRISM program that appeared in the Guardian and the Washington Post have raised questions about whether tech giants such as Apple Inc. (NASDAQ:AAPL), Facebook Inc. (NASDAQ:FB) and Google Inc. (NASDAQ:GOOG) provide government agencies backdoor access to their servers and the user data that they contain.
The Guardian, in response to statements by companies that denied involvement, has published more details of the data collection conducted via PRISM and other NSA programs. The U.K. newspaper has described the spy agency’s direct access to the servers of nine tech companies, including Facebook and Google.
On Friday, Facebook CEO Mark Zuckerberg and Google CEO Larry Page issued statements denying the PRISM reports, with Zuckerberg calling coverage in the media “outrageous.” Both claimed their companies did not give out large chunks of user data to the U.S. government, and said they complied only with specific requests under the law. Page specifically said, “[T]he U.S. government does not have direct access or a ‘back door’ to the information stored in our data centers.”
However, those denials appear to conflict with one of the 41 slides appearing in a Microsoft PowerPoint presentation the Guardian described as being classified as top secret with no distribution to foreign allies and as apparently being used to train intelligence operatives on the capabilities of the PRISM program. The newspaper said it has confirmed the authenticity of the presentation. The slide states PRISM allows for “[c]ollection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google[,] Facebook, PalTalk, AOL, Skype, YouTube[,] Apple.”
The slide details different ways the NSA collects data under the Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 that was renewed last December. The slide makes a distinction between PRISM, which it states is used for data collection from servers, and several other programs, including one that allows the NSA access to fiber-optic streams of data. The slide encourages intelligence officers to use both PRISM and the collection of data live from “fiber cables and infrastructure as data flows past.”
The New York Times reported Friday that, rather than give the U.S. government backdoor access, the tech giants were forced to create a separate area for PRISM data collection, with access given to the NSA. The article cited sources with knowledge of the situation as indicating the requested data were shared through these so-called mailboxes after the companies reviewed the relevant FISA requests and that the firms did not send the data automatically or in bulk.
The Times report appears to conflict with the information presented in the slide published by the Guardian. In turn, the content of the slide seems to conflict with statements made by the CEOs of Facebook and Google Friday.
Here is the full text of Facebook CEO Zuckerberg’s statement, published in a post on the site:
“I want to respond personally to the outrageous press reports about PRISM:
“Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn’t even heard of PRISM before yesterday.
“When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure.
“We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe. It’s the only way to protect everyone’s civil liberties and create the safe and free society we all want over the long term.”
And here is the full text of Google CEO Page’s and Chief Legal Officer David Drummond’s statement, published in a post on the Google Official Blog:
“Dear Google users --
“You may be aware of press reports alleging that Internet companies have joined a secret U.S. government program called PRISM to give the National Security Agency direct access to our servers. As Google’s CEO and Chief Legal Officer, we wanted you to have the facts.
“First, we have not joined any program that would give the U.S. government -- or any other government -- direct access to our servers. Indeed, the U.S. government does not have direct access or a ‘back door’ to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.
“Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period. Until this week’s reports, we had never heard of the broad type of order that Verizon received -- an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.
“Finally, this episode confirms what we have long believed -- there needs to be a more transparent approach. Google has worked hard, within the confines of the current laws, to be open about the data requests we receive. We post this information on our Transparency Report whenever possible. We were the first company to do this. And, of course, we understand that the U.S. and other governments need to take action to protect their citizens’ safety -- including sometimes by using surveillance. But the level of secrecy around the current legal procedures undermines the freedoms we all cherish.
“Posted by Larry Page, CEO and David Drummond, Chief Legal Officer”
Background On PRISM, The NSA And The Data-Collection Controversy
The controvery over domestic electronic surveillance began with a Guardian report about the U.S. government collecting millions of Verizon phone records and broadened with revelations about the NSA program known as PRISM. On Friday, the Guardian published a report widening it to both sides of the Atlantic Ocean, as U.K. spy agencies also have access to the intelligence data gathered through PRISM.
The same day, U.S. President Barack Obama conducted a press conference to address the reports, saying, “Nobody is listening to your telephone calls.” Obama said that while government agencies looked at phone numbers and the lengths of phone calls, “[T]hey are not looking at people’s names, and they are not looking at content.” About the government's collection of email and other online data, Obama said it “does not apply to U.S. citizens, and this does not apply to people living in the United States.”
On Saturday, the Guardian reported on a NSA program called Boundless Informant, an intelligence tool. Boundless Informant records and analyzes the agency’s data. The newspaper’s account calls into question the agency’s statements to the U.S. Congress that it was unable to keep track of its surveillance of American communications, as the tool is able to identify data sources, even mapping them by country.